Cybereason CEO leaves after months of boardroom blowups
Complaint alleges 13 funding proposals foundered amid battle for control
Security06 Mar 2025 |
Security
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox
Cyber-crime06 Mar 2025 | 2
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security
Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told
Public Sector05 Mar 2025 | 16
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
Updated They're good at zero-day exploits, too
Public Sector05 Mar 2025 | 7
Apple drags UK government to court over 'backdoor' order
Updated A first-of-its-kind legal challenge set to be heard this month, per reports
Security05 Mar 2025 | 70
Leeds United kick card swipers into Row Z after 5-day cyberattack
English football club offers apologies after fans' card details stolen from online retail store
Cyber-crime05 Mar 2025 | 5
Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility
'No regrets' crew continues extorting victims, leaking highly sensitive data
Ransomware in Focus05 Mar 2025 | 1
How prevention is better than cure
Stop cyberattacks before they happen with preventative endpoint security
Sponsored Post
Ransomware thugs threaten Tata Technologies with leak if demands not met
Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant
Ransomware in Focus05 Mar 2025 | 4
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
How Google tracks Android device users before they've even opened an app
No warning, no opt-out, and critic claims ... no consent
Security04 Mar 2025 | 82
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly
AI + ML04 Mar 2025 | 15
Plugging the holes in open banking
Enhancing API security for financial institutions
Partner Content
So … Russia no longer a cyber threat to America?
Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks
Public Sector04 Mar 2025 | 193
Cybersecurity not the hiring-'em-like-hotcakes role it once was
Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts
CSO03 Mar 2025 | 17
Microsoft unveils finalized EU Data Boundary as European doubt over US grows
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored
PaaS + IaaS03 Mar 2025 | 47
Polish space agency confirms cyberattack
Officials vow to uncover who was behind it
Ransomware in Focus03 Mar 2025 | 3
UK watchdog investigates TikTok and Reddit over child data privacy concerns
ICO looking at what data is used to serve up recommendations
Security03 Mar 2025 | 3
Governments can't seem to stop asking for secret backdoors
Opinion Cut off one head and 100 grow back? Decapitation may not be the way to go
Cyber-crime03 Mar 2025 | 116
US Cyber Command reportedly pauses cyberattacks on Russia
Infosec In Brief PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more
Security03 Mar 2025 | 95
Popular
How Google tracks Android device users before they've even opened an app
No warning, no opt-out, and critic claims ... no consent
Please fasten your seatbelts. A third of US air traffic control systems are 'unsustainable'
And the FAA's modernization efforts are going so badly they won't exit turbulence any time soon
Apple drags UK government to court over 'backdoor' order
Updated A first-of-its-kind legal challenge set to be heard this month, per reports
Cloudflare's bot bouncer blocks weirdo browsers
Not on Firefox or a Chrome derivative? You shall not pass
SpaceX loses a Falcon 9 booster and scrubs a Starship
Reusable first stage of workhorse tips over after landing
Firefox 136 finally brings the features that fans wanted
Vertical tabs, native Arm64 Linux version, and AMD GPU-accelerated video playback
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Microsoft: So what if it costs 4X as much to run Windows Server in AWS, Alibaba, and Google?
That's competition, that's protecting our IP, Redmond's lawyers tell UK monopoly cops
Windows 365 Disaster Recovery Plus promises Cloud PC comebacks in 30 minutes
Presumably hosted by AWS?
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
Says the biz trying to sell us stuff to catch that, admittedly
STORIES
C++ creator calls for help to defend programming language from 'serious attacks'
Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door
Software02 Mar 2025 | 202
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper
Ransomware in Focus28 Feb 2025 | 5
Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators
Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim
AI + ML28 Feb 2025 | 3
Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
FYI: What NOT to search after committing a crime
Cyber-crime27 Feb 2025 | 34
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
Federal agents, open up ... your browsers and see if you recognize any of these wallets
Cyber-crime27 Feb 2025 | 24
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o
Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity
AI + ML27 Feb 2025 | 128
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time
Boffins poked around inside censorship engines – here's what they found
Networks27 Feb 2025 | 39
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare
244M purloined passwords added to Have I Been Pwned thanks to govt tip-off
Cyber-crime26 Feb 2025 | 10
Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation
Cyber-crime26 Feb 2025 | 15
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Starting with Snapdragon 8 Elite and 'droid 15
Personal Tech26 Feb 2025 | 5
Signal will withdraw from Sweden if encryption-busting laws take effect
Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect
Security26 Feb 2025 | 119
200-plus impressively convincing GitHub repos are serving up malware
Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack
Security26 Feb 2025 | 9
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in
Plus: New figurehead of DOGE emerges and they aren't called Elon
Public Sector26 Feb 2025 | 37
Drug-screening biz DISA took a year to disclose security breach affecting millions
If there's something nasty on your employment record, extortion scum could come calling
Cyber-crime26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book
Of course, Microsoft is in the mix, isn't it
Cyber-crime25 Feb 2025 | 30
MITRE Caldera security suite scores perfect 10 for insecurity
Is a trivial remote-code execution hole in every version part of the training, or?
Research25 Feb 2025 | 11
Harassment allegations against DEF CON veteran detailed in court filing
More than a dozen women came forward with accusations
Security25 Feb 2025 | 12
Data resilience and data portability
Why organizations should protect everything, everywhere, all at once
Sponsored Feature
China's Silver Fox spoofs medical imaging apps to hijack patients' computers
Sly like a PRC cyberattack
Research25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year
Fuxnet and FrostyGoop were both used in the Russia-Ukraine war
Research25 Feb 2025 | 4
Southern Water takes the fifth over alleged $750K Black Basta ransom offer
Leaked chats and spilled secrets as AI helps decode circa 200K private talks
Ransomware in Focus25 Feb 2025 | 34
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit
Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process
AI + ML25 Feb 2025 | 30
Google binning SMS MFA at last and replacing it with QR codes
Everyone knew texted OTPs were a dud back in 2016
CSO25 Feb 2025 | 105
US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes
'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff
Public Sector24 Feb 2025 | 134
Shifting the cybersecurity odds
Four domains to build resilience
Partner Content
The software UK techies need to protect themselves now Apple's ADP won’t
No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in Blighty
Security24 Feb 2025 | 124
Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps
Infosec in brief Plus: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more
Security24 Feb 2025 | 88
Experts race to extract intel from Black Basta internal chat leaks
Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data
Ransomware in Focus21 Feb 2025 | 5
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
PoC exploit code shows why this is a patch priority
Patches21 Feb 2025 |
Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar
It comes amid a major crackdown on the abusive industry that started during COVID
Security21 Feb 2025 | 4
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable
Final update Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em
OSes21 Feb 2025 | 178
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs 'can have significant implications' – glad to hear that from Redmond
AI + ML20 Feb 2025 | 7
Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft
Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites
Cyber-crime20 Feb 2025 | 4
US minerals company says crooks broke into email and helped themselves to $500K
A painful loss for young company that's yet to generate revenue
Cyber-crime20 Feb 2025 | 10
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable
Research20 Feb 2025 | 2
Two arrested after pensioner scammed out of six-figure crypto nest egg
The latest in a long line of fraud stings worth billions each year
Security20 Feb 2025 | 18
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder - deep sigh - about the importance of patching and backups
Ransomware in Focus20 Feb 2025 | 7
Medusa ransomware gang demands $2M from UK private health services provider
Exclusive 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident'
Cyber-crime20 Feb 2025 | 10
US Army soldier linked to Snowflake extortion rampage admits breaking the law
That's the way the cookie melts
Cyber-crime20 Feb 2025 |
Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume
Public Sector19 Feb 2025 | 14
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys ... but so can miscreants
Security19 Feb 2025 | 2
Hundreds of Dutch medical records bought for pocket change at flea market
15GB of sensitive files traced back to former software biz
Storage19 Feb 2025 | 40
London celebrity talent agency reports itself to ICO following Rhysida attack claims
Showbiz members' passport scans already plastered online
Cyber-crime19 Feb 2025 | 2
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help
Security19 Feb 2025 | 8
Palo Alto firewalls under attack as miscreants chain flaws for root access
If you want to avoid urgent patches, stop exposing management consoles to the public internet
Security19 Feb 2025 | 8
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload
Because stealing your credentials, banking info, and IP just wasn’t enough
Research18 Feb 2025 | 8
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware
Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word
Ransomware in Focus18 Feb 2025 | 12
FreSSH bugs undiscovered for years threaten OpenSSH security
Exploit code now available for MitM and DoS attacks
Patches18 Feb 2025 | 16
Time to make C the COBOL of this century
Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees
CSO18 Feb 2025 | 223
Indian authorities seize loot from collapsed BitConnect crypto scam
Devices containing crypto wallets tracked online, then in the real world
Cyber-crime18 Feb 2025 | 14
XCSSET macOS malware returns with first new version since 2022
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert
Research17 Feb 2025 | 6
Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps
Infosec In Brief PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more!
Security17 Feb 2025 | 12
Fujitsu worries US tariffs will see its clients slow digital spend
Asia In Brief PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more
Public Sector16 Feb 2025 | 1
This open text-to-speech model needs just seconds of audio to clone your voice
Hands on El Reg shows you how to run Zyphra's speech-replicating AI on your own box
AI + ML16 Feb 2025 | 47
Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed
Interview 'In 50 years, I think we'll view these business practices like we view sweatshops today'
Security15 Feb 2025 | 74
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir
CSO15 Feb 2025 | 27
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew
Networks14 Feb 2025 | 9
Critical PostgreSQL bug tied to zero-day attack on US Treasury
High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
Research14 Feb 2025 | 21
2 charged over alleged New IRA terrorism activity linked to cops' spilled data
Officer says mistakenly published police details were shared 'a considerable amount of times'
Security14 Feb 2025 | 21
Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself
Germany's Federal Cartel Office voices concerns iPhone maker may be breaking competition law
Security14 Feb 2025 | 23
Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks
Some employees steal sticky notes, others 'borrow' malicious code
Ransomware in Focus14 Feb 2025 | 11
More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks
Networks13 Feb 2025 | 5
US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor
Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down
Security13 Feb 2025 | 57
North Korea targets crypto developers via NPM supply chain attack
Yet another cash grab from Kim's cronies and an intel update from Microsoft
Research13 Feb 2025 | 8
Mysterious Palo Alto firewall reboots? You're not alone
Limited-edition hotfix to get wider release before end of month
Networks13 Feb 2025 | 6
Have I Been Pwned likely to ban resellers from buying subs, citing 'sh*tty behavior' and onerous support requests
'What are customers actually getting from resellers other than massive price markups?' asks Troy Hunt
Channel13 Feb 2025 | 33
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff
CSO13 Feb 2025 | 75
Sophos sheds 6% of staff after swallowing Secureworks
De-dupes some roles, hints others aren't needed as the infosec scene shifts
CSO13 Feb 2025 | 7
Trump’s cyber chief pick has little experience in The Cyber
GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard
Public Sector12 Feb 2025 | 54
Arizona laptop farmer pleads guilty for funneling $17M to Kim Jong Un
300+ US companies, 70+ individuals hit by the fraudsters
Cyber-crime12 Feb 2025 | 20
Ransomware isn't always about the money: Government spies have objectives, too
Feature Analysts tell El Reg why Russia's operators aren't that careful, and why North Korea wants money AND data
Ransomware in Focus12 Feb 2025 | 7
Russia's Sandworm caught snarfing credentials, data from American and Brit orgs
'Near-global' initial access campaign active since 2021
Research12 Feb 2025 | 9
Crimelords and spies for rogue states are working together, says Google
Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us?
Cyber-crime12 Feb 2025 | 21
February's Patch Tuesday sees Microsoft offer just 63 fixes
Patch Tuesday Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins
Security12 Feb 2025 | 10
Probe finds US Coast Guard has left maritime cybersecurity adrift
Numerous systemic vulnerabilities could scuttle $5.4T industry
Public Sector11 Feb 2025 | 13
Yup, AMD's Elba and Giglio definitely sound like they work corporate security
Which is why Cisco is adding these Pensando DPUs to more switches
Networks11 Feb 2025 | 3
'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters
Rustaceans could just wait for unwelcoming C coders to slowly SIGQUIT...
OSes11 Feb 2025 | 44
Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining
These crooks have no chill
Ransomware in Focus11 Feb 2025 |
UK, US, Oz blast holes in LockBit's bulletproof hosting provider Zservers
Huge if true: Brit Foreign Sec says Putin running a 'corrupt mafia state'
Cyber-crime11 Feb 2025 | 41
Man who SIM-swapped the SEC's X account pleads guilty
Said to have asked search engine 'What are some signs that the FBI is after you?'
Cyber-crime11 Feb 2025 | 9
Biting the hand that feeds IT
